If you have any questions or concerns about our use of your personal information, please contact us using the contact details provided at the bottom of this GDPR Privacy Notice.
For purposes of this disclosure document, references to "we", "us" or "our" mean BCBSA and/or BCBS FEP Dental, and references to "you" and "your" means individuals located in the EEA.
We collect the following categories of information from or about you:
This is data that identifies you or can be used to identify or contact you and may include the following categories:
Special Category Data
Special Category Data means Personal Data relating to:
How do we collect your Personal Data?
Where possible, we will collect Personal Data directly from you. On occasion, we may receive information about you from other people or sources. For example:
Like most websites, we gather statistical and other analytical information collected on an aggregate basis of all visitors to our website. This Non-Personal Data comprises information that cannot be used to identify or contact you, such as demographic information regarding, for example, user IP addresses where they have been clipped or anonymized, browser types and other anonymous statistical data involving the use of our website.
You should also be aware that when you visit our websites, we collect certain information that does not identify you personally, but provides us with "usage data" such as the number of visitors we receive or what pages are visited most often. This data helps us to analyze and improve the usefulness of the information we provide at these websites.
Like most commercial website owners, we may use what is known as "cookie" technology. A "cookie" is an element of data that a website can send to your browser when you link to that website. It is not a computer program and has no ability to instruct it to perform any step or function. By assigning a unique data element to each visitor, the website is able to recognize repeat users, track usage patterns and better serve you when you return to that site. The cookie does not extract other personal information about you, such as your name or address.
From time to time, we may receive personal information about you from third party sources, but only where these third parties either have your consent or are otherwise legally permitted or required to disclose your personal information to us.
We use the Non-Personal Data gathered from visitors to our website in an aggregate form to get a better understanding of where our visitors come from and to help us better design and organize our website.
In order for us to provide our services to you we require certain Personal Data from you. This Personal Data is processed by us for the following purposes:
|Purpose of Processing||Lawful Basis under GDPR|
|Administration purposes such as processing applications and claims and providing quotes.||Such processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract, for the purpose of complying with our legal obligations, and where you have consented to providing certain Special Category Data in respect of an application or claim.|
|Identity verification purposes.||Such processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract and for the purpose of complying with our legal obligations.|
|Administering insurance contracts including making changes to contracts, responding to queries and processing a cancellation.||Processing is necessary for the performance of a contract or in order to take steps at your request prior to entering into a contract.|
|Enforcing and defending our rights.||We have a legitimate interest in ensuring that our products and services and our website are used in accordance with our terms and conditions of use and policies. This interest includes where necessary, for the purpose of establishing, exercising or defending a legal claim, a prospective legal claim, legal proceedings or prospective legal proceedings; and, where necessary, for the purpose of complying with our legal obligations.|
|Training, quality monitoring or evaluating the services we provide, including through seeking data subjects' views.||Such processing is necessary for our legitimate interests. This interest is to improve our products, services and processes.|
|To comply with laws and regulations.||This processing is necessary to comply with our legal obligations.|
|Website services, including for troubleshooting, data analysis, and survey purposes.||We have a legitimate interest in operating a website and for related purposes.|
|Statistical information that cannot be related back to individuals to help us improve the services we offer.||We have a legitimate interest in operating a website and for related purposes.|
|To communicate with you;
To create anonymous data for analytics;
For compliance, fraud prevention and safety;
To improve our products and services
|These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impact on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by the impact on you (unless we have your consent or are otherwise required or permitted to by law).|
In some cases, we may also have a legal obligation to collect personal information from you or may otherwise need the personal information to protect your vital interests, such as meeting our HIPAA compliance obligations or working with law enforcement.
From time to time we may also ask for your consent to collect, use or share your personal information, such as when required by law or our agreements with third parties.
We may provide Non-Personal Data to third parties, where such information is combined with similar information of other users of our website. For example, we might inform third parties regarding the number of unique users who visit our website, the demographic breakdown of our community users of our website, or the activities that visitors to our website engage in while on our website. The third parties to whom we may provide this information may include potential or actual advertisers, providers of advertising services (including website tracking services), commercial partners, sponsors, licensees, researchers and other similar parties.
We may also share Personal Data:
Personal Data (including Special Category Data) may be transferred to third parties outside of the EEA, including Blue Cross Blue Shield Association which is based in the USA, for administrative purposes. This is only done in accordance with Data Protection Laws such as in accordance with the standard contractual clauses adopted by the European Commission.
We will disclose your Personal Data if we believe in good faith that we are required to disclose it in order to comply with any applicable law, a summons, a search warrant, a court or regulatory order or other statutory or legal requirement or to protect our rights or the rights of third parties.
We store data for as long as is necessary to provide the services and for a reasonable retention period. Our usual storage period is seven (7) years, but legal requirements and our corporate policies might lead to longer or shorter periods.
The GDPR also provides Data Subjects with certain individual rights with respect to their personal data. These include:
You have the right at any time to request access to and rectification or erasure of personal data that we hold. You can also request restriction of processing of your personal information, and you have the right to data portability. If you would like to exercise any of these rights, please send a written request to our Data Protection Officer at the address listed below. Not all requests can be granted. If your request is denied, you will be provided with the reason for the denial.
Where we are required by law to collect your personal data, or where we need your personal data in order to provide the benefits to or perform our contract with you, if you do not provide this information when requested (or you later ask to delete it), we may not be able to provide you with your benefits or our products and services. We will tell you what information you must provide by designating it as required or through other appropriate means.
If you use the features on this Website or on the websites of our business partners, you are "opting in" and agree to our collection of information as described above. You can "opt out" or prevent us from collecting personal information by not accessing this Website or using the interactive features of this Website or the websites of our business partners. You may "opt in" or "opt out" each time you access the Website. If you "opt out", you cannot use the interactive features of the Website.
In order to provide services to you, we receive personal information from you, from your providers of dental care, and from other third parties. We need access to your personal information, such as name, address, and medical information, regardless of who provides it, in order for us to provide the services described above.
We use automated decision-making processes and profiling in the performance of our insurance and plan administration contracts. For example, claims processing is primarily an automated process.
To the extent we transfer personal data out of the European Economic Area as contemplated under the GDPR, we do so in a manner that is consistent with the appropriate safeguards or other legal basis under the GDPR. Please contact us for information on any such transfers or the safeguards applied. Your information collected may be stored and processed in the United States, Europe, or other non-European countries.
If we intend to use personal information for a purpose other than the original purposes for which we collected the personal information, prior to that additional processing, we will provide you with information on that other purpose and any further relevant information, insofar as you do not already possess such information.
This Privacy Statement is kept under regular review and is subject to change in response to changing legal, technical or business developments. You can see when this Privacy Statement was last updated by checking the "last updated" date displayed at the bottom of this Privacy Statement.
While you may make a complaint to the Data Protection Commission, we ask that you contact first to give us the opportunity to address your concerns. If you would like to submit a complaint, you may contact us at firstname.lastname@example.org or lodge a complaint with the appropriate data protection authority in your jurisdiction. You can find your data protection regulator by visiting the European Commission website at ec.europa.eu.
If you would like to submit a complaint, you may contact us at DataProtectionOfficer@bcbsa.com or lodge a complaint with the appropriate data protection authority in your jurisdiction. You can find your data protection regulator by visiting the European Commission website at ec.europa.eu.
For the administration of FEP's overseas program, BCBSA serves as a Data Controller for EU data subjects.
Our address is 1310 G Street, NW, Washington DC 20005.
Our Data Protection Officer can be reached via email at DataProtectionOfficer@bcbsa.com.
You may also contact our EU representative at email@example.com.
You may also contact our EU representative at firstname.lastname@example.org, email@example.com or by contacting DataRep on its online webform at www.datarep.com/bcbsa. You may also mail your inquiry to DataRep at the most convenient of the addresses in the subsequent pages.
|Austria||DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Belgium||DataRep, Place de L'Université 16, Louvain-La-Neuve, Waals Brabant, 1348, Belgium|
|Bulgaria||DataRep, 132 Mimi Balkanska Str., Sofia, 1540, Bulgaria|
|Croatia||DataRep, Ground & 9th Floor, Hoto Tower, Savska cesta 32, Zagreb, 10000, Croatia|
|Cyprus||DataRep, Victory House, 205 Archbishop Makarios Avenue, Limassol, 3030, Cyprus|
|Czech Republic||DataRep, IQ Ostrava Ground floor, 28. rijna 3346/91, Ostrava-mesto, Moravska, Ostrava, Czech Republic|
|Denmark||DataRep, Lautruphøj 1-3, Ballerup, 2750, Denmark|
|Estonia||DataRep, 2nd Floor, Tornimae 5, Tallinn, 10145, Estonia|
|Finland||DataRep, Luna House, 5.krs, Mannerheimintie 12 B, Helsinki, 00100, Finland|
|France||DataRep, 72 rue de Lessard, Rouen, 76100, France|
|Germany||DataRep, 3rd and 4th floor, Altmarkt 10 B/D, Dresden, 01067, Germany|
|Greece||Greece DataRep, 24 Lagoumitzi str, Athens, 17671, Greece|
|Hungary||DataRep, President Centre, Kálmán Imre utca 1, Budapest, 1054, Hungary|
|Iceland||DataRep, Kalkofnsvegur 2, 101 Reykjavík, Iceland|
|Ireland||DataRep, The Cube, Monahan Road, Cork, T12 H1XY, Republic of Ireland|
|Italy||DataRep, Viale Giorgio Ribotta 11, Piano 1, Rome, Lazio, 00144, Italy|
|Latvia||DataRep, 4th & 5th floors, 14 Terbatas Street, Riga, LV-1011, Latvia|
|Liechtenstein||DataRep, City Tower, Brückenkopfgasse 1/6. Stock, Graz, 8020, Austria|
|Lithuania||DataRep, 44A Gedimino Avenue, 01110 Vilnius, Lithuania|
|Luxembourg||DataRep, BPM 335368, Banzelt 4 A, 6921, Roodt-sur-Syre, Luxembourg|
|Malta||DataRep, Tower Business Centre, 2nd floor, Tower Street, Swatar, BKR4013, Malta|
|Netherlands||DataRep, Cuserstraat 93, Floor 2 and 3, Amsterdam, 1081 CN, Netherlands|
|Norway||DataRep, C.J. Hambros Plass 2c, Oslo, 0164, Norway|
|Poland||DataRep, Budynek Fronton ul Kamienna 21, Krakow, 31-403, Poland|
|Portugal||DataRep, Torre de Monsanto, Rua Afonso Praça 30, 7th floor, Algès, Lisbon, 1495-061, Portugal|
|Romania||DataRep, 15 Piaţa Charles de Gaulle, nr. 1-T, Bucureşti, Sectorul 1, 011857,Romania|
|Slovakia||DataRep, Apollo Business Centre II, Block E / 9th floor, 4D Prievozska, Bratislava, 821 09, Slovakia|
|Slovenia||DataRep, Trg. Republike 3, Floor 3, Ljubljana, 1000, Slovenia|
|Spain||DataRep, Calle de Manzanares 4, Madrid, 28005, Spain|
|Sweden||DataRep, S:t Johannesgatan 2, 4th floor, Malmo, SE - 211 46, Sweden|
|United Kingdom||DataRep, 107-111 Fleet Street, London, EC4A 2AB, United Kingdom|
Last updated: 3/2/2022
Every year, we're required to send you specific information about your rights, your benefits and more. This can use up a lot of trees, so we've combined a couple of these required annual notices. Please take a few minutes to read about:
As mentioned in our Health Insurance Portability and Accountability Act (HIPAA) notice, we must follow state laws that are stricter than the federal HIPAA privacy law. This notice explains your rights and our legal duties under state law. This applies to life insurance benefits, in addition to health, dental and vision benefits that you may have.
We may collect, use and share your nonpublic personal information (PI) as described in this notice. PI identifies a person and is often gathered in an insurance matter.
We may collect PI about you from other persons or entities, such as doctors, hospitals or other carriers. We may share PI with persons or entities outside of our company - without your OK in some cases. If we take part in an activity that would require us to give you a chance to opt out, we will contact you. We will tell you how you can let us know that you do not want us to use or share your PI for a given activity. You have the right to access and correct your PI. Because PI is defined as any information that can be used to make judgments about your health, finances, character, habits, hobbies, reputation, career and credit, we take reasonable safety measures to protect the PI we have about you. A more detailed state notice is available upon request. Please call the phone number printed on your ID card.
THIS NOTICE DESCRIBES HOW HEALTH, VISION AND DENTAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION WITH REGARD TO YOUR HEALTH BENEFITS. PLEASE REVIEW IT CAREFULLY.
We keep the health and financial information of our current and former members private, as required by law, accreditation standards and our rules. This notice explains your rights. It also explains our legal duties and privacy practices. We are required by federal law to give you this notice.
We may collect, use and share your Protected Health Information (PHI) for the following reasons and others as allowed or required by law, including the HIPAA Privacy rule:
For payment: We use and share PHI to manage your account or benefits; or to pay claims for health care you get through your plan.
For health care operations: We use and share PHI for health care operations.
For treatment activities: We do not provide treatment. This is the role of a health care provider, such as your doctor or a hospital.
Examples of ways we use your information for payment, treatment and health care operations:
To you: We must give you access to your own PHI. We may also contact you to let you know about treatment options or other health-related benefits and services. When you or your dependents reach a certain age, we may tell you about other products or programs for which you may be eligible. This may include individual coverage. We may also send you reminders about routine medical checkups and tests.
To others: In most cases, if we use or disclose your PHI outside of treatment, payment, operations or research activities, we must get your OK in writing first. We must receive your written OK before we can use your PHI for certain marketing activities. We must get your written OK before we sell your PHI. If we have them, we must get your OK before we disclose your provider's psychotherapy notes. Other uses and disclosures of your PHI not mentioned in this notice may also require your written OK. You always have the right to revoke any written OK you provide.
You may tell us in writing that it is OK for us to give your PHI to someone else for any reason. Also, if you are present and tell us it is OK, we may give your PHI to a family member, friend or other person. We would do this if it has to do with your current treatment or payment for your treatment. If you are not present, if it is an emergency, or you are not able to tell us it is OK, we may give your PHI to a family member, friend or other person if sharing your PHI is in your best interest.
As allowed or required by law: We may also share your PHI for other types of activities including:
If you are enrolled with us through an employer-sponsored group health plan, we may share PHI with your group health plan. If your employer pays your premium or part of your premium, but does not pay your health insurance claims, your employer is not allowed to receive your PHI - unless your employer promises to protect your PHI and makes sure the PHI will be used for legal reasons only.
Authorization: We will get an OK from you in writing before we use or share your PHI for any other purpose not stated in this notice. You may take away this OK at any time, in writing. We will then stop using your PHI for that purpose. But, if we have already used or shared your PHI based on your OK, we cannot undo any actions we took before you told us to stop.
Genetic information: We cannot use or disclose PHI that is an individual's genetic information for underwriting.
Race, Ethnicity, and Language: We may receive race, ethnicity, and language information about you and protect this information as described in this Notice. We may use this information for various health care operations which include identifying health care disparities, developing care management programs and educational materials, and providing interpretation services. We do not use race, ethnicity, and language information to perform underwriting, rate setting or benefit determinations, and we do not disclose this information to unauthorized persons.
Under federal law, you have the right to:
We are dedicated to protecting your PHI, and have set up a number of policies and practices to help make sure your PHI is kept secure.
We have to keep your PHI private. If we believe your PHI has been breached, we must let you know.
We keep your oral, written and electronic PHI safe using physical, electronic, and procedural means. These safeguards follow federal and state laws. Some of the ways we keep your PHI safe include securing offices that hold PHI, password-protecting computers, and locking storage areas and filing cabinets. We require our employees to protect PHI through written policies and procedures. These policies limit access to PHI to only those employees who need the data to do their job. Employees are also required to wear ID badges to help keep people who do not belong out of areas where sensitive data is kept. Also, where required by law, our affiliates and nonaffiliates must protect the privacy of data we share in the normal course of business. They are not allowed to give PHI to others without your written OK, except as allowed by law and outlined in this notice.
HIPAA (the federal privacy law) generally does not preempt, or override, other laws that give people greater privacy protections. As a result, if any state or federal privacy law requires us to provide you with more privacy protections, then we must also follow that law in addition to HIPAA.
We, including our affiliates or vendors, may call or text any telephone numbers provided by you using an automated telephone dialing system and/or a prerecorded message. Without limitation, these calls may concern treatment options, other health-related benefits and services, enrollment, payment, or billing.
If you think we have not protected your privacy, you can file a complaint with us. You may also file a complaint with the Office for Civil Rights in the U.S. Department of Health and Human Services. We will not take action against you for filing a complaint.
Please call Customer Service at the phone number printed on your ID card. Representatives can help you apply your rights, file a complaint or talk with you about privacy issues.
You have the right to get a new copy of this notice at any time. Even if you have agreed to get this notice by electronic means, you still have the right to a paper copy. We reserve the right to change this notice. A revised notice will apply to PHI we already have about you, as well as any PHI we may get in the future. We are required by law to follow the privacy notice that is in effect at this time. We may tell you about any changes to our notice in a number of ways. We may tell you about the changes in a member newsletter or post them on our website. We may also mail you a letter that tells you about any changes.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our website; and (2) third party cookies, which are served by service providers on our website, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
bcbsfepdental.com uses the following types of cookies for the purposes set out below:
|Type of Cookie||Purpose|
|Essential Cookies||These cookies are essential to provide you with services available through our website and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services.|
|Functionality Cookies||These cookies allow our website to remember choices you make when you use bcbsfepdental.com, such as remembering your language preferences, remembering your login details and remembering the changes you make on other parts of our website which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit bcbsfepdental.com.|
|Analytics and Performance Cookies||These cookies are used to collect information about traffic to our website and how users use bcbsfepdental.com. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. The information gathered may include the number of visitors to bcbsfepdental.com, the websites that referred them to our website, the pages they visited on our website, what time of day they visited our website, whether they have visited our website before, and other similar information. We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our site by downloading and installing the browser plugin available here.|
|Targeted and Advertising Cookies||These cookies track your browsing habits to enable us to show advertising that is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, third party advertisers can place cookies to enable them to show advertisements that we think will be relevant to your interests while you are on third party websites.|
|Social Media Cookies||These cookies are used when you visit any public bcbsfepdental.com page. A social networking website such as Facebook, Twitter or LinkedIn can record that you have visited this page and could use this information to serve you relevant ads that are in compliance with platform advertising policies.|
If you decide at any time that you no longer wish to accept cookies from our services for any of the purposes described above, then you can typically instruct your browser, by changing its settings, to remove or stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. In order to do this, consult your browser's technical information (instructions are usually located within the "settings," "help", "tools" or "edit" facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit www.allaboutcookies.org.
If you do not accept our cookies, you may experience some inconvenience or not be able to use all portions of the services or all functionality of the services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit bcbsfepdental.com.
In addition, we may use pixel tags (also referred to as clear GIFs, web beacons, or web bugs) on bcbsfepdental.com to track the actions of users on website. Pixel tags are tiny graphic images with a unique identifier, similar in function to cookies, which are used to track online movements of web users. In contrast to cookies, which are stored on a user's computer hard drive, pixel tags are embedded invisibly in web pages. Pixel tags also allow us to send email messages in a format users can read, and they tell us whether emails have been opened, for example, to ensure that we are sending messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to a user.
Some internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about "Do Not Track," please visit www.allaboutdnt.com.
We may work with certain third parties to provide us with information regarding traffic on bcbsfepdental.com, to serve advertisements elsewhere online, and to provide us with information regarding the use of our website or services and the effectiveness of our advertisements. These third parties may automatically collect information about you using their own cookies or other technologies, or may otherwise collect or have access to, information about your visits to this and other websites, your IP address, your ISP, the browser you use to visit our website and other usage information. Information collected may be used, among other things, to deliver advertising targeted to your interests and to better understand the usage and visitation of our website and the other sites tracked by these third parties. If you would like more information about this practice and to know your choices about not having this information used by these companies, you may visit: www.aboutads.info/choices (for website users), www.networkadvertising.org/managing/opt_out.asp (for website users), http://youronlinechoices.eu/ (for users in the EU), or http://youradchoices.com/appchoices (for mobile app users).
The original effective date of this Notice was April 14, 2003. The most recent revision date is indicated in the footer of this Notice.